Everything you wanted to know about virtualizing, optimizing and managing Windows 10…but were afraid to ask – part #6: ROAMING

With Windows 10 now into its latest edition, the 1607 “Anniversary” update, it now appears, for better or worse, to be here to stay. It has generated a lot of interest; supposedly the “last version of Windows”, many expected it to be akin to Windows 7 – an improvement following a much-maligned previous Windows version. However, the reality has turned out to be somewhat different from what many were expecting.

Microsoft are now “cloud first, mobile first”, and a lot of this new strategy shows through – sometimes somewhat cynically – in Windows 10. For my sins, I’ve been involved in a Windows 10 deployment since August of 2015, so now, just over a year in, it is maybe time to share the things I’ve learned in the hope that it may give some of you a bit of help when it comes to deploying (or not deploying!) this new version of Microsoft’s flagship operating system.

This set of articles is going to expand at the rate of one a day over the next week or so, and cover a wide range of issues for those of you deploying Windows 10 – whether it be fully virtualized via Citrix XenDesktop or the like, or simply a general physical deployment. Hopefully, it will be everything you need to know!

Dealing with roaming is always fun in Windows 10. According to a lot of Microsoft consultants I’ve spoken to in the last year or so, the original mantra from Redmond was simply “roaming is dead” – everything in Windows 10 was intended to be local to the device, with a few settings synced up into the cloud. Ideal if every user has a dedicated device that’s immune to hardware failure, I guess 🙂

With this in mind, though, let’s not forget Windows 10’s “cloud cadence” of fast updates (unless you’re on LTSB). If you’re possibly going to receive two or three full operating system upgrades per year, you don’t really want to be doing in-place upgrades (most IT people are familiar with the reasons why). Ideally, when you upgrade the OS, it should be a wipe-and-reload approach. But that means, to preserve your user’s data and application settings and OS configuration, you need some form of roaming capability, even if you’re not a “traditional” roaming environment – well, either that, or a reliable migration tool. You can’t ask users to lose their personalized settings two or three times a year – not unless you want grumbling to turn into active rebellion. Microsoft may have declared “roaming is dead”, but unless you want to adopt LTSB right across the board, then their very own servicing process may have made it very much alive.

But even aside from this consideration, there are also a huge number of enterprises out there that still have roaming requirements – be it standard hot-desking or full non-persistent VDI. Thankfully, there has been a (little!) bit of backtracking from Microsoft regarding this and now they are trying (over a year from RTM) to accommodate those of us who have this need for roaming capability.

Of course, with the Anniversary Update Microsoft’s own roaming product, UE-V, is actually baked into the operating system (along with App-V), simply waiting to be activated. So it’s not clear whether the initial rejection of roaming solutions was intended to drive people towards their own UE-V product – or even towards the new, Azure-based Enterprise State Roaming (currently only available to customers with a Premium Azure Active Directory subscription). I’m going to discount the Enterprise State Roaming product from this article, because as it stands, ESR only roams settings for the OS, Internet Explorer, and Modern Apps. If you want to roam traditional application settings, Microsoft recommend using UE-V, or the Desktop Bridge (which allows you to convert your applications to Modern Apps and use ESR to roam the settings, but this process looks seriously non-trivial).

For the record, most Windows 10 settings roam fine, but the main one that we’ve all been struggling with is the Start Menu. And this is really annoying, because the Start Menu is the first thing that the user generally interacts with when they use a Windows 10 desktop, and possibly the most “in your face” part of the new OS features. If they personalize it, it’s very annoying to go to another machine and find it has reverted to default, or is showing blank tiles – to the extent that they believe that roaming has failed completely. Roaming Modern App settings is also very difficult, but because (apart from Edge) there isn’t yet a Modern App I’ve seen that has enough settings for the user to even care about roaming, I’m going to consider these (currently) out of scope too. We will look at specifically roaming the Start Menu – if this works, then just about every other OS and application setting should work too.

We are going to look at a number of roaming solutions – some quite “lite”, others quite high-end. Obviously we can’t cover everything, as this is a crowded space, so I will just stick to the few I can provision at short notice:-

Traditional Microsoft roaming profiles

Microsoft UE-V

Citrix User Profile Manager

FSLogix Profile Containers

AppSense Environment Manager

PROBLEMS

The issues with roaming the Start Menu are well-documented. Rather than using a flat filesystem, the Start Menu settings are pulled together in a file called vedatamodel.edb which sits in %LOCALAPPDATA%. The operating system has various hooks into this database, which can cause issues when trying to manipulate it for roaming.

To be fair this isn’t the only part of Windows 10 that jumps into a Jet Blue database for storing settings – many Modern Apps do (including Edge), the Notification Center does, and Internet Explorer cookies use this format too (which started in IE10, and which was covered in several articles by my good self). It is, however, the only one that is highly visible to the user – even the IE cookies database only reveals itself when visiting Internet sites.

The 1607 update (fully-patched as of today) is what we are going to use for our testing platform. We will log on, customize the Start Menu by pinning a desktop application, a Modern App, a folder, a website, an RDP connection and changing the name of the groups (see below for an example).

Interestingly, when you pin RDP connections and websites, no matter what the source of the shortcut that you “Pin to Start”, a file representing each of these shortcuts is dropped into the path %APPDATA%\Microsoft\Windows\Start Menu\Programs. These must be captured into roaming in order for them to persist.

If these changes successfully persist when we log on to another device, then we will consider that the method in use is compatible with the latest version of Windows 10. Other Windows 10-specific things, such as Jump Lists hanging from the Start Tiles, seem to roam quite happily provided they are set up correctly in the methods we used in previous OSes (these will be documented in a future article for posterity, but information on pinned items and jump lists is quite easy to find on the Internet).

Now, bear in mind that roaming profiles for different operating systems increment a version number to the profile, as they become incompatible when you try to use them on multiple platforms.

Windows XP and Server 2003 – v1

Windows 7, Windows Vista, Server 2008 and Server 2008 R2 – v2

Windows 8 and Server 2012 – v3

Windows 8.1 and Server 2012 R2 – v4

Windows 10 RTM and Windows 10 1511 – v5

Windows 10 1607 and Server 2016 – v6

We are going to test roaming profiles using a .v6 profile. This suffix is automatically appended to the folder defined in ADUC or GPO when creating and accessing the folder, dependent on the source OS – there is no need to reference it yourself. See here for more information on profile versions.

However, the latest build of Windows 10 currently has a bug, where if you define the GPO for Delete cached copies of roaming profiles, it assigns you a temporary profile every time you log in. I’d normally recommend always having this GPO enabled in a non-persistent environment (obviously this recommendation would be different for mobile devices), but for the purposes of this article, we have turned the GPO off. Microsoft report that it should be fixed towards the end of this month (Sep 2016) – I will update when verified that the fix is in place (now fixed).

Now, those of you with your heads screwed on will be quite aware of where the database that holds the Start Menu sits:-

%LOCALAPPDATA%\TileDataLayer\Database

And of course, a traditional roaming profile doesn’t save anything in %LOCALAPPDATA% – merely %APPDATA%. Using GPOs, you can only exclude directories from a roaming profile, not include them, so adding the database files in is not possible. Therefore, we’d expect our roaming profile to fail.

Indeed it does – although, rather strangely, the RDP and web shortcuts we added are now showing in the Start Menu “All Apps” section, just not in the “Tiles” section. This appears to be because when you add a shortcut for RDP, web or a folder to the Start Tiles, it drops a corresponding shortcut into %APPDATA%\Microsoft\Windows\Start Menu\Programs (see below)

But as you can see, the Start Menu is a mess – it has tried to revert to the default user layout specified in DefaultLayouts.xml and LayoutModification.xml (which is the default behaviour when no database is detected in the user profile), but most of the shortcuts are missing. Suffice to say – for roaming Windows 10 settings, a roaming profile comes up as a FAIL.

Some of you may remember I penned an earlier article which involved using the Export-StartLayout cmdlet to save a copy of the user’s settings, and then importing this into %LOCALAPPDATA%\Microsoft\Windows\Shell at logon. As long as the user didn’t have a profile on the machine, this would reimport the Start Tiles settings. However, I’m not 100% happy with this process as it seems to be a little hit-and-miss, and especially with 1607 now having a bug when the “delete cached copies” GPO is configured, it’s not really suitable for widespread deployment.

MICROSOFT USER EXPERIENCE VIRTUALIZATION (UE-V)

This is Microsoft’s official recommended product for roaming your user state, if you wish to save the settings for legacy desktop applications.

Unfortunately, even though I have it fully enabled in Windows 10 and all of the relevant GPO settings deployed, UE-V never seems to start running! This must be some sort of bug, as it worked fine in the 1511 builds (with the agent installed manually). However, as it cannot even function, we have to regard UE-V as a FAIL also – I will update this if I can find the issue and resolve it.

CITRIX USER PROFILE MANAGER (UPM)

Citrix UPM has always been a solid lightweight profile management tool, and will probably continue to be so even with Citrix’s acquisition of Norskale, as Norskale is a policy rather than personalization tool.

However, with Windows 10, UPM really struggled, necessitating some hacks to unhook the Tile Data Model Server service so the Start Menu database could be copied. However, with the latest version of UPM and the 1607 update to Windows 10, things are looking better – as long as your UPM settings are configured correctly.

The UPM settings you need in order to get it to work are detailed in this export from my UPM GPO. Obviously, there are settings included in here that you may not want (streaming, share path, etc.). The main things you need are the inclusions and exclusions, which I’ve also reproduced below (obviously these are my entire set of exclusions, not just those for the Windows 10 OS!)

In my testing, having these inclusions and exclusions configured allows the Windows 10 Start Menu, Start Tiles and all other settings to roam correctly, giving UPM (set up correctly!) a PASS.

FSLOGIX PROFILE CONTAINERS

FSLogix provide a simple profile management solution based around a similar concept to Microsoft’s User Profile Disks (more on these in an article after the Windows 10 series). Simply, a virtual disk is mounted from a network share to replace the user’s profile.

There’s very little configuration to be done, the entire %USERPROFILE% area is replaced by a junction point. So let’s see if it works with Windows 10…

Colour me very impressed…no muss, no fuss, works straight out of the box. FSLogix gets itself a PASS too!

APPSENSE ENVIRONMENT MANAGER

I have tested one of the higher-end UEM solutions for roaming as well, and not surprisingly it is AppSense Environment Manager, using the Personalization Server aspect to achieve this. I’ve also used version 10, because it isn’t really that radically different from version 8, and configurations should be easily portable between the two.

In order to configure AppSense Personalization Server to work correctly, we need to save the following settings into our Windows Settings Group:-

{CSIDL_PROGRAMS} (to capture pinned folders, RDP items and websites)

{CSIDL_LOCAL_APPDATA}\TileDataLayer\Database\vedatamodel.edb

{CSIDL_LOCAL_APPDATA}\Microsoft\Windows\appsFolderLayout.bin

This, when configured, should allow us to capture the settings required to roam around the Start Menu settings.

However – there is a slight issue currently, in that the hook into the system services is not released at the time the Personalization Server attempts to copy the data. According to AppSense, this is due to be resolved in the next update to the Environment Manager software; once this is released I will test and update the article.
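To see the locking problem described above for yourself, the following added example (not part of the original article, and not AppSense's own tooling) checks the three Start Menu locations listed above in the current user's profile and reports whether each file can actually be opened for reading. The function name Test-FileReadable and the report layout are illustrative assumptions; the read test only approximates whether a profile tool's copy would succeed.

```powershell
# Added example: check the Start Menu roaming artefacts named in this article.
# Run it in the user's own session. Test-FileReadable is a hypothetical helper.

function Test-FileReadable {
    param([Parameter(Mandatory)][string]$Path)
    try {
        # Request read access while allowing other readers and writers.
        # This fails if another process holds the file open with a share
        # mode that denies readers, which is what blocks a copy at logoff.
        $stream = [System.IO.File]::Open(
            $Path,
            [System.IO.FileMode]::Open,
            [System.IO.FileAccess]::Read,
            [System.IO.FileShare]::ReadWrite)
        $stream.Dispose()
        return $true
    }
    catch [System.IO.IOException] {
        return $false   # sharing violation: the file is locked
    }
    catch [System.UnauthorizedAccessException] {
        return $false   # ACLs prevent the current user from reading it
    }
}

# Paths are the ones given in the article; the folder is what CSIDL_PROGRAMS
# resolves to for the current user.
$targets = @(
    [pscustomobject]@{ Kind = 'File';   Path = Join-Path $env:LOCALAPPDATA 'TileDataLayer\Database\vedatamodel.edb' }
    [pscustomobject]@{ Kind = 'File';   Path = Join-Path $env:LOCALAPPDATA 'Microsoft\Windows\appsFolderLayout.bin' }
    [pscustomobject]@{ Kind = 'Folder'; Path = Join-Path $env:APPDATA 'Microsoft\Windows\Start Menu\Programs' }
)

$report = foreach ($t in $targets) {
    $exists   = Test-Path -LiteralPath $t.Path
    $readable = $null
    $detail   = 'not present in this profile'

    if ($exists -and $t.Kind -eq 'File') {
        $item     = Get-Item -LiteralPath $t.Path -Force
        $readable = Test-FileReadable -Path $t.Path
        $detail   = '{0:N0} bytes, modified {1:u}' -f $item.Length, $item.LastWriteTime
    }
    elseif ($exists) {
        # Pinned folders, RDP items and websites land here as shortcut files.
        $files    = @(Get-ChildItem -LiteralPath $t.Path -Recurse -File -Force -ErrorAction SilentlyContinue)
        $readable = $true
        $detail   = '{0} file(s) under the folder' -f $files.Count
    }

    [pscustomobject]@{
        Path     = $t.Path
        Exists   = $exists
        Readable = $readable
        Detail   = $detail
    }
}

$report | Format-Table -AutoSize -Wrap
```

A row with Exists true and Readable false means the file is still held open by something else at the moment you ran the check.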

For the moment, what you need to do is use the Policy Configuration area of EM to stop a couple of system services as the user logs out (in the Logoff trigger) so that the hook is released and the Personalization Server can copy out the required data. This is much easier in AppSense than it is in simpler UEM solutions, because AppSense supports running the command in the SYSTEM context and therefore providing easy check-box elevation. Here’s the command you need – I’ve done it in PowerShell, but you could easily leverage net.exe to do this as well:-

Obviously, don’t forget the elevation, or this isn’t going to work…

With Personalization Server and Policy configured in this way, AppSense EM works seamlessly to roam the Windows 10 Start Menu settings.

It’s a bit disappointing that the functionality isn’t fully native as yet, but as we are assured that the functionality is just around the corner, and that it can be enabled easily by leveraging AppSense’s policy tools, we will grade Personalization Server as a PASS for roaming Windows 10 settings.

WRAP-UP

It’s worth mentioning that, with Windows 10 1511 and 1607 being distinctly different operating systems, the simpler roaming solutions like FSLogix Profile Containers and MS roaming profiles wouldn’t work across both platforms. You’d need something like AppSense or RES or one of the other high-end UEM vendors if you wanted to get true cross-platform capability between 1511 and 1607.

But it is also worth mentioning that, in my opinion, the Start Tiles area of the Start Menu is really the one you need to deal with to achieve smooth roaming. Microsoft’s roaming profiles can’t manage it, but all of the UEM vendors appear to be catching up, which is good news.

Besides the Start Tiles, a lot of Windows 10 settings roam just fine. There are a few notable exceptions (file type associations and IE/Edge home pages spring to mind here, which are really something for a different and more detailed article), but if you can succeed with the “in your face” Start Tiles, you should be close to achieving smooth roaming for Windows 10 users.

In my opinion you absolutely need either a roaming capability or at the very least a migration tool that can deal with user settings, because unless you’re an LTSB adopter you could be potentially reloading your operating system two or three times a year, and in-place upgrades are, in my opinion, a very bad idea.

I’m still a bit confused as to why UE-V doesn’t function at all on 1607 – I have a few pointers and will test them out as soon as possible. It is now native, so you’d expect it to work, but I will update the article as soon as I can find out what the issue is.

But the main takeaways here are:-

You definitely need a roaming or migration capability if you’re going to adopt the Current Branch for Business model of Windows 10

Technologies like UPM, Profile Containers and AppSense can now manage the Windows 10-specific roaming much better than they did previously

Built-in Microsoft tech like roaming profiles or UE-V don’t currently seem to work on 1607 builds

The next part of this series will discuss the slightly-related subject of PROFILES.

CREDITS

Thanks to David Ott, Rene Bigler and Trond Erik Haavarstein for their help with some of the areas covered in this article.

By James Rankin


James is a solutions architect and strategist focused mainly on end-user computing technologies, cloud capability, automation, monitoring and directory services. He is also a well-regarded technical blogger, journalist and speaker, writing for several online publications as well as the HTG blog, and frequently found speaking at user groups, vendor conferences and online webinars.

James is passionate about providing the perfect user experience, always looking to design solutions that are simple, sustainable and easy-to-use. He works extensively with technologies from both large and small vendors and is always looking for new ways to enhance and extend the capabilities of the solutions we provide to our clients.

He has recently been admitted to the Citrix Technology Advocate (CTA), VMware vExpert and AppSense Community Advisor (ACA) programs in recognition of his contributions towards the EUC community and thought leadership within the virtualization space.

Comments

32 responses to “Everything you wanted to know about virtualizing, optimizing and managing Windows 10…but were afraid to ask – part #6: ROAMING”

Regarding the exclusions for UPM – I find that if you don't exclude "AppData\Local\Microsoft\Windows\UsrClass.*" – you will have a broken "search" in the start menu…? I see you haven't excluded that – but no error?

James, thank you for taking the time to test and blog all the results. Truly appreciate the work. I was wondering if you had a chance to look into the profiles on Windows 2016 TS. Can the start menu be captured in a multi-user environment using the same technique as Win10?

Having the same question as Techtron. We’re setting up a Citrix\Appsense test environment with server 2016. I’m pretty sure stopping and starting the 2 services will affect all users on the TS server. It doesn’t seem to affect a logged on user but what if a user logs on while another logs off at the same time? I think the result will be logical…corrupt start menu for at least 1 user.
So the solutions above will be a (not preferred) work-around for desktops or VDIs but not for shared desktops/TS/Citrix. Hopefully Microsoft will fix this soon for the Enterprise or else I suppose most companies will not move to 10/2016 for their user environments.

Citrix UPM, for instance, doesn’t need the services to be stopped. So it will work fine in XenApp RDS environments. So will a lot of other solutions. AppSense EM will support it without the service stop in version 10.1. So you don’t need the service stop any more. If you’re using XenApp, then just use UPM with the exclusions above and it will work perfectly.

How fast do these profiles log in? Looking to see what would be best for a non-persistent environment. As the profile will never be cached on the machine so it would always be a first time login. (SLOW…) but hoping one of these solutions allow for a quicker logon.

Personally I would use something like FSLogix Profile containers, UPD or UPM. Mounting the profile as a VHD seems to speed things up pretty conclusively. Can probably get it well down under 30 seconds with the right configuration. Down from a matter of minutes if you have to create a new profile each time.

Can you please take a look at VMware Horizon 7 Persona management as there is no chance of getting help there. Did the same exclusions as per Citrix UPM, works a bit but after some logins there are corruption again.

Hi James. I’ve been reading your articles about roaming profiles with great interest. I’m fairly techy by nature but nowhere close to your expertise. I have a problem in that when my Windows 10 Home PC updates to a major new build, I lose all my start menu tiles AND all my taskbar items – they always revert to the Out-of-the-box-day-one-layout. It’s a regular PITA to have to rebuild everything, and I suspect that the solution to all this is somewhere in all your articles about ‘backing up the tile settings’. I wondered if there might be a simple solution to my problem? From what I know, because mine is a HOME edition, I don’t *have* GPO to use – have I got that right? (think I read somewhere in your pennings that it’s possible to create a sort of ‘script’ that runs at log-off and then again at logon using GPO???)

Any pointers you could give me, would be very much appreciated as I’ve been wrestling with this problem for ages now

Balls….I forgot Import-StartLayout is not for use in-session….see below

“Update #1 (21/03/16) – a few people have emailed me asking about the Import-StartLayout cmdlet and whether this can be used instead of the GPO jiggery-pokery we use to import the layout. Unfortunately, this cmdlet is intended to only import layouts to an offline WIM image. You can use it on an online OS, but it will modify only the default profile, and not the user logging in. So unfortunately, a non-starter for allowing the settings to be imported at user logon time, which is a big disappointment as the Import-StartLayout cmdlet removes the need to unlock the tiles after.”

Hi James. Ah well, at least it’s ‘not me’ 🙂 Appreciate your suggestions so far. Someone needs to create an App to do this backing-up I reckon. It’s the only part of my backup strategy when moving to a new machine that I can’t seem to crack. Hey ho!
